Getting Started
David Sugar edited this page Oct 13, 2023 · 8 revisions
Welcome! This guide should help you get started with keylib. If you have any questions or encounter bugs, please open an issue.
Keylib is a library designed to assist you in implementing PassKeys, which are platform authenticators compatible with FIDO2. The library handles generating new credentials and assertions when they are required; your responsibility is to furnish it with the necessary callbacks. Keylib currently offers two interfaces, one for Zig and another for C.
The first step when using this library is to implement the required callbacks (C, Zig).
```c
#include <stdio.h>
#include "keylib/keylib.h" // Data, Denied, DoesNotExist

// Make a user presence check, e.g. display a button and ask the user if she wants to confirm the action.
// The arguments info, user, and rp are null terminated strings that provide additional context that
// you can display.
//
// This function should return Accepted, Denied, or Timeout
int my_up(const char* info, const char* user, const char* rp) {
    printf("up\n");
    return Denied;
}

// This callback should implement some form of user verification, e.g. when called, ask a user for a password.
//
// This function should return Accepted, Denied, or Timeout
int my_uv() {
    printf("uv\n");
    return Denied;
}

// Let the user select one of multiple credentials associated with a relying party.
//
// You should either return the user's index or -1.
int my_select_cred(const char* rpId, char** users) {
    printf("select\n");
    return -1;
}

// Read data from permanent storage.
//
// If id is not null:
//   Create a Data array with two elements, where the first element contains the requested data and
//   the second element is a null terminator. Assign the array to out. Then return SUCCESS.
// If id is null and rp is not null:
//   Create a null terminated Data array that contains all data associated with the given rp (relying party).
//   Assign the array to out. Then return SUCCESS.
// If id is null and rp is null:
//   Create a null terminated Data array that contains all stored data. Assign the array to out.
//   Then return SUCCESS.
// Return DoesNotExist if no data could be found.
int my_read(const char* id, const char* rp, Data** out) {
    printf("read\n");
    return DoesNotExist;
}

// Persist the given data and make sure that it can be found using its id and associated rp (relying party).
int my_write(const char* id, const char* rp, const char* data) {
    printf("write\n");
    return -1;
}

// Delete the data associated with the given id.
int my_delete(const char* id, const char* rp) {
    printf("delete\n");
    return -1;
}
```
The Data struct contains a payload and a len field.
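As an added example (not keylib's own code), here is an in-memory storage backend that satisfies the read/write/delete contract described above, including the null-terminated Data array convention for all three lookup modes. Because keylib/keylib.h is not reproduced on this page, the Data struct (payload and len, as described above), the return-code names and their numeric values, and the Record type are placeholders assumed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Stand-ins for keylib/keylib.h (assumed, not the real header): the wiki says Data carries a payload
 * and a len and names SUCCESS / DoesNotExist as return codes; the numeric values here are made up. */
typedef struct { char *payload; size_t len; } Data;
enum { SUCCESS = 0, DoesNotExist = -1 };
typedef struct { char id[64], rp[64], data[256]; } Record;  /* constructed in-memory store, one record per (id, rp) */
static Record store[8]; static int store_count = 0;          /* a real backend would persist these */
/* id == NULL matches any id and rp == NULL matches any relying party, so this one predicate
 * covers the three lookup modes the wiki describes for my_read. */
static int matches(const Record *r, const char *id, const char *rp) {
    return (!id || !strcmp(r->id, id)) && (!rp || !strcmp(r->rp, rp));
}
int my_write(const char *id, const char *rp, const char *data) {
    int i = 0;
    while (i < store_count && !matches(&store[i], id, rp)) i++;   /* existing (id, rp): overwrite */
    if (i == store_count) {
        if (store_count == 8) return -1;                           /* store full */
        store_count++;
        snprintf(store[i].id, sizeof store[i].id, "%s", id);
        snprintf(store[i].rp, sizeof store[i].rp, "%s", rp);
    }
    snprintf(store[i].data, sizeof store[i].data, "%s", data);
    return SUCCESS;
}
/* Matching records as a Data array closed by a zeroed {NULL, 0} terminator: by id that is the
 * two-element array the wiki asks for, by rp (or with both NULL) one element per match. */
int my_read(const char *id, const char *rp, Data **out) {
    int n = 0, k = 0;
    for (int i = 0; i < store_count; i++) n += matches(&store[i], id, rp);
    if (n == 0) return DoesNotExist;
    Data *arr = calloc((size_t)n + 1, sizeof *arr);               /* calloc zeroes the terminator */
    if (!arr) return -1;
    for (int i = 0; i < store_count; i++)
        if (matches(&store[i], id, rp)) { arr[k].payload = store[i].data; arr[k].len = strlen(store[i].data); k++; }
    *out = arr;                                                    /* caller releases it with free() */
    return SUCCESS;
}
int my_delete(const char *id, const char *rp) {
    for (int i = 0; i < store_count; i++)
        if (matches(&store[i], id, rp)) { store[i] = store[--store_count]; return SUCCESS; }
    return DoesNotExist;
}
int read_count(const char *id, const char *rp) {                  /* demo helper: records found, -1 if none */
    Data *arr; int n = 0;
    if (my_read(id, rp, &arr) != SUCCESS) return -1;
    while (arr[n].payload) n++;                                    /* walk to the terminator */
    free(arr); return n;
}
```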